Argument injection vulnerability in Google Chrome 1.0.154.36 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. NOTE: a third party disputes this issue, stating that Chrome "will ask for user permission" and "cannot launch the applet even [if] you have given out the permission.
Max CVSS
6.8
EPSS Score
0.94%
Published
2008-12-29
Updated
2024-03-21
Multiple integer overflows in Skia, as used in Google Chrome 1.x before 1.0.154.64 and 2.x, and possibly Android, might allow remote attackers to execute arbitrary code in the renderer process via a crafted (1) image or (2) canvas.
Max CVSS
6.8
EPSS Score
3.73%
Published
2009-05-07
Updated
2009-05-19
Google Chrome before 1.0.154.53 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.
Max CVSS
6.8
EPSS Score
0.36%
Published
2009-06-15
Updated
2009-06-23
The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.
Max CVSS
6.8
EPSS Score
0.22%
Published
2009-11-13
Updated
2021-11-08
WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r52401, as used in Google Chrome before 4.0.249.78, allows remote attackers to bypass the Same Origin Policy via vectors involving the window.open method.
Max CVSS
6.8
EPSS Score
1.00%
Published
2010-02-18
Updated
2017-09-19
Cross-site request forgery (CSRF) vulnerability in loader/DocumentThreadableLoader.cpp in WebCore in WebKit before r57041, as used in Google Chrome before 4.1.249.1059, allows remote attackers to hijack the authentication of unspecified victims via a crafted synchronous preflight XMLHttpRequest operation.
Max CVSS
6.8
EPSS Score
0.38%
Published
2010-09-24
Updated
2017-09-19
Unspecified vulnerability in Google Chrome before 5.0.375.99, when WebGL is used, allows remote attackers to cause a denial of service (out-of-bounds read) via unknown vectors.
Max CVSS
6.8
EPSS Score
0.29%
Published
2010-07-06
Updated
2020-08-10
Google Chrome before 7.0.517.41 does not properly handle the unloading of a page, which allows remote attackers to spoof URLs via unspecified vectors.
Max CVSS
6.8
EPSS Score
1.26%
Published
2010-10-21
Updated
2017-09-19
The PDF event handler in Google Chrome before 9.0.597.84 does not properly interact with print operations, which allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.
Max CVSS
6.8
EPSS Score
0.35%
Published
2011-02-04
Updated
2020-06-04
Race condition in Google Chrome before 9.0.597.84 allows remote attackers to execute arbitrary code via vectors related to audio.
Max CVSS
6.8
EPSS Score
0.99%
Published
2011-02-04
Updated
2020-06-05
Google Chrome before 9.0.597.107 does not properly implement JavaScript dialogs, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document.
Max CVSS
6.8
EPSS Score
0.98%
Published
2011-03-01
Updated
2020-06-02
Google Chrome before 9.0.597.107 does not properly handle TEXTAREA elements, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document.
Max CVSS
6.8
EPSS Score
0.97%
Published
2011-03-01
Updated
2020-06-04
Google Chrome before 10.0.648.127 does not properly perform a cast of an unspecified variable during text rendering, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
Max CVSS
6.8
EPSS Score
1.75%
Published
2011-03-11
Updated
2020-06-04
Google Chrome before 10.0.648.127 does not properly handle attributes, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via a crafted document.
Max CVSS
6.8
EPSS Score
2.12%
Published
2011-03-11
Updated
2020-06-04
Race condition in Google Chrome before 11.0.696.57 on Linux and Mac OS X allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to linked lists and a database.
Max CVSS
6.8
EPSS Score
0.26%
Published
2011-05-03
Updated
2021-09-08
Google Chrome before 11.0.696.57 does not ensure thread safety during handling of MIME data, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Max CVSS
6.8
EPSS Score
0.47%
Published
2011-05-03
Updated
2020-05-22
Multiple integer overflows in Google Chrome before 11.0.696.57 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to float rendering.
Max CVSS
6.8
EPSS Score
0.67%
Published
2011-05-03
Updated
2020-05-22
Google Chrome before 11.0.696.57 on Linux does not properly isolate renderer processes, which has unspecified impact and remote attack vectors.
Max CVSS
6.8
EPSS Score
0.32%
Published
2011-05-03
Updated
2020-05-29
Use-after-free vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets (CSS) token sequences.
Max CVSS
6.8
EPSS Score
41.85%
Published
2011-05-03
Updated
2020-05-22
Google Chrome before 11.0.696.57 does not properly perform a cast of an unspecified variable during handling of floating select lists, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted HTML document.
Max CVSS
6.8
EPSS Score
0.40%
Published
2011-05-03
Updated
2020-05-22
Google Chrome before 11.0.696.57 does not properly handle mutation events, which allows remote attackers to cause a denial of service (node tree corruption) or possibly have unspecified other impact via unknown vectors.
Max CVSS
6.8
EPSS Score
0.37%
Published
2011-05-03
Updated
2020-05-22
Google Chrome before 11.0.696.57 does not properly implement layering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers."
Max CVSS
6.8
EPSS Score
0.47%
Published
2011-05-03
Updated
2020-05-22
Race condition in the sandbox launcher implementation in Google Chrome before 11.0.696.57 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Max CVSS
6.8
EPSS Score
1.23%
Published
2011-05-03
Updated
2020-05-29
Google Chrome before 11.0.696.57 does not properly handle SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Max CVSS
6.8
EPSS Score
0.37%
Published
2011-05-03
Updated
2020-05-22
Google Chrome before 11.0.696.57 does not properly handle drop-down lists, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
Max CVSS
6.8
EPSS Score
0.47%
Published
2011-05-03
Updated
2020-05-22
757 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!